.TH KEEPALIVED "8" "July 2018"

.na
.nh

.SH "NAME"
keepalived \- load\-balancing and high\-availability service

.SH "SYNOPSIS"
\fBkeepalived\fP
[\fB\-f\fP|\fB\-\-use\-file\fP=FILE]
[\fB\-P\fP|\fB\-\-vrrp\fP]
[\fB\-C\fP|\fB\-\-check\fP]
[\fB\-B\fP|\fB\-\-no_bfd\fP]
[\fB\-\-all\fP]
[\fB\-l\fP|\fB\-\-log\-console\fP]
[\fB\-D\fP|\fB\-\-log\-detail\fP]
[\fB\-S\fP|\fB\-\-log\-facility\fP={0-7}]
[\fB\-g\fP|\fB\-\-log\-file\fP=FILE]
[\fB\-\-flush\-log\-file\fP]
[\fB\-G\fP|\fB\-\-no\-syslog\fP]
[\fB\-X\fP|\fB\-\-release\-vips\fP]
[\fB\-V\fP|\fB\-\-dont\-release\-vrrp\fP]
[\fB\-I\fP|\fB\-\-dont\-release\-ipvs\fP]
[\fB\-R\fP|\fB\-\-dont\-respawn\fP]
[\fB\-n\fP|\fB\-\-dont\-fork\fP]
[\fB\-d\fP|\fB\-\-dump\-conf\fP]
[\fB\-p\fP|\fB\-\-pid\fP=FILE]
[\fB\-r\fP|\fB\-\-vrrp_pid\fP=FILE]
[\fB\-c\fP|\fB\-\-checkers_pid\fP=FILE]
[\fB\-a\fP|\fB\-\-address-monitoring\fP]
[\fB\-b\fP|\fB\-\-bfd_pid\fP=FILE]
[\fB\-s\fP|\fB\-\-namespace\fP=NAME]
[\fB\-i\fP|\fB\-\-config-id\fP id]
[\fB\-x\fP|\fB\-\-snmp\fP]
[\fB\-A\fP|\fB\-\-snmp-agent-socket\fP=FILE]
[\fB\-u\fP|\fB\-\-umask\fP=NUMBER]
[\fB\-m\fP|\fB\-\-core\-dump\fP]
[\fB\-M\fP|\fB\-\-core\-dump\-pattern\fP[=PATTERN]]
[\fB\-\-signum\fP=SIGFUNC]
[\fB\-t\fP|\fB\-\-config\-test\fP[=FILE]]
[\fB\-\-perf\fP[={all|run|end}]]
[\fB\-\-debug\fP[=debug-options]]
[\fB\-v\fP|\fB\-\-version\fP]
[\fB\-h\fP|\fB\-\-help\fP]

.SH "DESCRIPTION"
Keepalived provides simple and robust facilities for load\-balancing
and high\-availability. The load\-balancing framework relies on the
well\-known and widely used Linux Virtual Server (IPVS) kernel module
providing Layer4 load\-balancing. Keepalived implements a set of
checkers to dynamically and adaptively maintain and manage a
load\-balanced server pool according to their health. Keepalived also
implements the VRRPv2 and VRRPv3 protocols to achieve high\-availability
with director failover.

.SH "OPTIONS"
.TP
\fB -f, --use-file\fP=FILE
Use the specified configuration file. The default configuration file
is "@DEFAULT_CONFIG_FILE@".
.TP
\fB -P, --vrrp\fP
Only run the VRRP subsystem. This is useful for configurations that do
not use the IPVS load balancer.
.TP
\fB -C, --check\fP
Only run the healthcheck subsystem. This is useful for configurations
that use the IPVS load balancer with a single director with no failover.
.TP
\fB -B, --no_bfd\fP
Don't run the BFD subsystem.
.TP
\fB --all\fP
Run all subsystems, even if they have no configuration.
.TP
\fB -l, --log-console\fP
Log messages to the local console. The default behavior is to log
messages to syslog.
.TP
\fB -D, --log-detail\fP
Detailed log messages.
.TP
\fB -S, --log-facility\fP=[0-7]
Set syslog facility to LOG_LOCAL[0-7]. The default syslog facility is LOG_DAEMON.
.TP
\fB -g, --log-file\fP=FILE
Write log entries to FILE. FILE will have _vrrp, _healthcheckers, and _bfd
inserted before the last '.' in FILE for the log output for those processes.
.TP
\fB --flush-log-file\fP
If using the -g option, the log file stream will be flushed after each write.
.TP
\fB -G, --no-syslog\fP
Do not write log entries to syslog. This can be useful if the rate of writing
log entries is sufficiently high that syslog will rate limit them, and the -g
option is used instead.
.TP
\fB -X, --release-vips\fP
Drop VIP on transition from signal.
.TP
\fB -V, --dont-release-vrrp\fP
Don't remove VRRP VIPs and VROUTEs on daemon stop. The default
behavior is to remove all VIPs and VROUTEs when keepalived exits.
.TP
\fB -I, --dont-release-ipvs\fP
Don't remove IPVS topology on daemon stop. The default behavior it to
remove all entries from the IPVS virtual server table when
keepalived exits.
.TP
\fB -R, --dont-respawn\fP
Don't respawn child processes. The default behavior is to restart the
VRRP and checker processes if either process exits.
.TP
\fB -n, --dont-fork\fP
Don't fork the daemon process. This option will cause keepalived to
run in the foreground.
.TP
\fB -d, --dump-conf\fP
Dump the configuration data.
.TP
\fB -p, --pid\fP=FILE
Use the specified pidfile for the parent keepalived process. The default
pidfile for keepalived is "/var/run/keepalived.pid", unless a network
namespace is being used. See
.B NAMESPACES
below for more details.
.TP
\fB -r, --vrrp_pid\fP=FILE
Use the specified pidfile for the VRRP child process. The default pidfile
for the VRRP child process is "/var/run/keepalived_vrrp.pid", unless a
network namespace is being used.
.TP
\fB -c, --checkers_pid\fP=FILE
Use the specified pidfile for checkers child process. The default pidfile
for the checker child process is "/var/run/keepalived_checkers.pid" unless
a network namespace is being used.
.TP
\fB -a, --address-monitoring\fP
Log all address additions/deletions reported by netlink.
.TP
\fB -b, --bfd_pid\fP=FILE
Use the specified pidfile for the BFD child process. The default pidfile
for the BFD child process is "/var/run/keepalived_bfd.pid" unless
a network namespace is being used.
.TP
\fB -s, --namespace\fP=NAME
Run keepalived in network namespace NAME. See
.B NAMESPACES
below for more details.
.TP
\fB -i, --config-id ID
Use configuration id ID, for conditional configuration (defaults to
hostname without the domain name).
.TP
\fB -x, --snmp\fP
Enable the SNMP subsystem.
.TP
\fB -A, --snmp-agent-socket\fP=FILE
Use the specified socket for connection to SNMP master agent.
.TP
\fB -u, --umask\fP=NUMBER
The umask specified in the usual numeric way - see man umask(2)
.TP
\fB -m, --core-dump\fP
Override the RLIMIT_CORE hard and soft limits to enable keepalived to
produce a coredump in the event of a segfault or other failure.
This is most useful if keepalived has been built with 'make debug'.
Core dumps will be created in /, unless keepalived is run with the
--dont-fork option, in which case they will be created in the directory
from which keepalived was run, or they will be created in the directory
of a configuraton file if the fault occurs while reading the file.
.TP
\fB -M, --core-dump-pattern\fP[=PATTERN]
Sets option --core-dump, and also updates /proc/sys/kernel/core_pattern
to the pattern specified, or 'core' if none specified.
Provided the parent process doesn't terminate abnormally, it will restore
/proc/sys/kernel/core_pattern to its original value on exit.

\fBNote:\fP This will also affect any other process producing a core dump while keepalived is running.
.TP
\fB --signum\fP=PATTERN
Returns the signal number to use for STOP, RELOAD, DATA, STATS and JSON.
For example, to stop keepalived running, execute:
.IP
.nf
kill -s $(keepalived --signum=STOP) $(cat /var/run/keepalived.pid)
.fi
.TP
\fB -t, --config-test\fP[=FILE]
Keepalived will check the configuration file and exit with non-zero exit
status if there are errors in the configuration, otherwise it exits with
exit status 0 (see \fBExit status\fP below for details).

Rather that writing to syslog, it will write diagnostic messages to stderr
unless file is specified, in which case it will write to the file.
.TP
\fB --perf\fP[={all|run|end}]
Record perf data for vrrp process. Data will be written to /perf_vrrp.data.
The data recorded is for use with the perf tool.
.TP
\fB --debug\fP[=debug-options]]
Enables debug options if they have been compiled into keepalived.
\fIdebug-options\fP is made up of a sequence of strings of the form Ulll.
.br
The upper case letter specifies the debug option, and the lower case letters
specify for which processes the option is to be enabled.
.br
If a debug option is not followed by any lower case letters, the debug option
is enabled for all processes.
.PP
.RS
The characters to identify the processes are:
.TS
tab(@);
c l
c l.
Chr@Process
_
p@Parent process
b@BFD process
c@Checker process
v@VRRP process
.TE
.PP
The characters used to identify the debug options are:
.TS
tab(@);
c l.
Chr@Debug option
_
D@Epoll thread dump
E@Epoll debug
F@VRRP fd debug
N@Netlink timers
P@Network timestamp
X@Regex timers
M@Email alert debug
T@Timer debug
S@TSM debug
R@Regex debug
.TE
.PP
\fBExample:\fP --debug=DvEcvNR
.RE
.TP
\fB -v, --version\fP
Display the version and exit.
.TP
\fB -h, --help\fP
Display this help message and exit.
.SS "Exit status:"
.TP
0
if OK
.TP
1
if unable to malloc memory
.TP
2
if cannot initialise subsystems
.TP
3
if running with --config-test and configuration cannot be run
.TP
4
if running with --config-test and there are configuration errors but keepalived
will run after modifying the configuration
.TP
5
if running with --config-test and script security hasn't been enabled but scripts
are configured.
.SH NAMESPACES
.B keepalived
can be run in a network namespace (see
\fBkeepalived.conf\fP(5) for configuration details). When
run in a network namespace, a local mount namespace is also
created, and /var/run/keepalived/keepalived_NamespaceName
is mounted on /var/run/keepalived. By default, pid files with
the usual default names are then created in
/var/run/keepalived from the perspective of a process in the
mount namespace, and they will be visible in
/var/run/keepalived/keepalived_NamespaceName for a process
running in the default mount namespace.

.SH SIGNALS
.B keepalived
reacts to a set of signals.  You can send a signal to
the parent
.B keepalived
process using the following:
.IP
.nf
kill -SIGNAL $(cat /var/run/keepalived.pid)
.fi
.PP
or better:
.IP
.nf
kill -s $(keepalived --signum=SIGFUNC) $(cat /var/run/keepalived.pid)
.fi
.PP
Note that if the first option is used, -SIGNAL must be
replaced with the actual signal you are trying to send,
e.g. with HUP. So it then becomes:
.IP
.nf
kill -HUP $(cat /var/run/keepalived.pid)
.fi
.PP
Signals other than for STOP, RELOAD, DATA and STATS may change depending
on the kernel, and also what functionality is included in the version of
the keepalived depending on the build options used.
.PP
.TP
.B HUP\fP or \fBSIGFUNC=RELOAD
This causes
.B keepalived
to close down all interfaces, reload its configuration, and
start up with the new configuration.
.TP
.B TERM\fP, \fBINT\fP or \fBSIGFUNC=STOP
.B keepalived
will shut down.
.TP
.B USR1\fP or \fBSIGFUNC=DATA
Write configuration data to
.B /tmp/keepalived.data
.TP
.B USR2\fP or \fBSIGFUNC=STATS
Write statistics info to
.B /tmp/keepalived.stats
.LP
.TP
.B SIGFUNC=JSON
Write configuration data in JSON format to
.B /tmp/keepalived.json
.LP
.SH "USING KEEPALIVED WITH FIREWALLD"
If you are running a firewall (see
.BR firewalld (8) )
you must allow VRRP protocol traffic through the firewall. For example
if this instance of
.B keepalived(8)
has a peer node on IPv4 address 192.168.0.1:
.IP
.nf
# firewall-cmd \\
    --add-rich-rule="rule family='ipv4' \\
                     source address='192.168.0.1' \\
                     protocol value='vrrp' accept" --permanent
# firewall-cmd --reload
.fi
.SH "SEE ALSO"
\fBkeepalived.conf\fP(5), \fBipvsadm\fP(8)

.SH "AUTHOR"
This man page was written by Ryan O'Hara <rohara@redhat.com>
